August 2011 Archives

August 1, 2011

House Committee Approves Controversial Measure to Require Data Retention for All Internet Users

The House of Representatives Judiciary Committee voted to approve a bill that will require Internet Service Providers (ISPs) to retain data on every customer to allow the government to identify and track their online activity for one year. EPIC Director Marc Rotenberg testified against the bill at the subcommittee hearing, and his arguments were cited by committee members including Representative Jerrold Nadler (D-NY). After two days of deliberation, the bill was passed with an amendment to require ISPs to retain even more information: not only internet protocol addresses, but also customer names, addresses, phone records, type and length of service, and credit card numbers. This retention is a radical contradiction of the core American value that we are innocent until proven guilty, said Representative Jason Chaffetz (R-UT). The bill purports to use the data to prosecute child pornography, but Representative James Sensenbrenner (R-WI) was "not convinced it will contribute in any meaningful way to prosecuting child pornography," and Representative Zoe Lofgren (D-CA) stated that it is an "unprecedented power grab by the federal government - it goes way beyond fighting child pornography." Representative Bobby Scott (D-VA) pointed out the data would be available for many other uses, including copyright prosecution and divorce cases. This data will be made available to law enforcement officers without a warrant or judicial oversight, and is a convenient way for law enforcement to get powers they couldn't get in the Patriot Act, said Representative Darrell Issa (R-CA). For more information, see EPIC- Data Retention.

Tags:

August 2, 2011

Government Accountability Office: Agencies Must Improve Social Networking Privacy, Security

An independent report recommends that federal agencies "improve their development and implementation of policies and procedures for managing and protecting information associated with social media use." The Government Accountability Office, an independent, nonpartisan agency, surveyed twenty-three agencies concerning privacy and security policies. Only half of the agencies have updated their privacy policies to take account of personal information collected through social media monitoring. Only a quarter conducted privacy impact assessments of agency social media activities. The GAO also noted that only seven of the surveyed agencies have identified and documented social-media security risks. In March, EPIC filed comments regarding DHS's Social Media Monitoring and Situational Awareness Initiative, identifying substantial privacy and security risks. For more information, see EPIC: Social Networking Privacy.

Tags:

Senate Passes Faster FOIA Act

The Senate unanimously approved bipartisan legislation, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), to improve Freedom of Information Act (FOIA) processing. The Faster FOIA Act will create an advisory panel to examine agency backlogs and provide recommendations to Congress. The bill awaits action by the House of Representatives. EPIC previously testified before the House Oversight Committee about FOIA delays and politicized processing within the Department of Homeland Security. For more information see: EPIC: Open Government and EPIC: Litigation Under the Federal Open Government Laws.

Tags:

August 3, 2011

TSA Expands Behavioral Profiling at Boston Airport

The Transportation Security Administration has begun training screeners at Logan International Airport in Boston to engage in behavioral profiling of air travelers. The program authorizes Transportation Security Officers to ask airline passengers personal questions concerning their travel plans and employment. Some travelers will be subjected to additional, invasive searches based on their responses. For more, see EPIC: Air Travel Privacy.

Tags:

August 5, 2011

EPIC-led Coalition Calls For Suspension of Secret Government Watchlist

EPIC and a coalition of privacy, consumer rights, and civil rights organizations filed a statement to the Department of Homeland Security. The group opposed proposed changes to the Watchlist Service, a secretive government database filled with sensitive information. The agency has solicited comments on the program, which entails developing a real-time duplicate copy of the database and expanding the groups and personnel with immediate access to the records. The groups focused on the security and privacy risks posed by the new system, as well as The Privacy Act. Passed by Congress in 1974, the Act requires DHS to notify subjects of government surveillance in addition to providing a meaningful opportunity to correct information that could negatively affect them. EPIC has testified before Congress and published a "Spotlight on Surveillance" report about the Watchlist program. For more information, see EPIC: Secure Flight and EPIC: Passenger Profiling.

Tags:

August 6, 2011

California Protects the Privacy of Smart Meter Data

The California Public Utility Commission has established new rules to protect information about consumer use of "smart meter" electrical services. The California decision, the first in the country, establishes fair information practice requirements, including a consumer right of access and control, data minimization obligations, use and disclosure limitations, and data quality and integrity requirements. Electric utilities and their contractors, as well as third party who receive electricity usage data from utilities are subject to the new rules. EPIC submitted extensive comments to the Public Utility Commission regarding privacy safeguards for consumer energy usage data. For more, see EPIC Smart Grid Privacy.

Tags:

August 12, 2011

Department of Homeland Security Terminates Biometric Collection Agreements With States, Intends to Continue Program Without Safeguards

The Department of Homeland Security wrote to State Governors, stating that the agency intends to terminate agreements with state and local governments concerning the Secure Communities program. The agency states that it intends to unilaterally pursue the program despite the termination, though it fails to cite any legal authority in support of the tactic. The statement follows lawmakers' recent criticism of Secure Communities. The program collects and discloses biometric information obtained from individuals who come into contact with police. In June, California legislators urged Governor Jerry Brown to suspend the state's participation in Secure Communities, citing a “crisis of confidence” in the program. The lawmakers identified numerous risks raised by the program and noted that "victims of domestic violence have been [wrongfully] placed into deportation proceedings as the result of Secure Communities when they simply called the police for help." Previously, Illinois, New York and Massachusetts ended their participation in the program. For more, see EPIC: Secure Communities.

Tags:

August 16, 2011

FTC Finds Mobile Phone App Violated Children's Privacy Law

W3 Innovations, a company that develops mobile phone games, settled charges with the Federal Trade Commission for violations of the Children's Online Privacy Protection Act (COPPA). In the first settlement concerning a mobile application, the Commission imposed a fine of $50,000 against the company for "illegally collecting and disclosing personal information from tens of thousands of children under age 13 without their parents prior consent." EPIC previously testified before the Senate Commerce Committee and submitted comments to the FTC on the need to update COPPA and to clarify the law's application to mobile and social networking services. EPIC also has pending complaints at the FTC regarding Facebook's facial recognition program and changes Facebook made to user privacy settings. For more information, see EPIC: FTC and EPIC: COPPA.

Tags:

August 17, 2011

DHS Refuses to Disclose Details of Mobile Body Scanner Technology

New documents released by the Department of Homeland Security to EPIC indicate the the agency continues to hide details about body scanners. In November 2010, EPIC filed a Freedom of Information Act request with the agency regarding the deployment of body scanners in surface transit and street-roving vans. In its latest document release the agency supplied several papers that were completely redacted. As a result of the agency's failure to comply with the Freedom of Information Act, EPIC has filed suit to force disclosure of the records. For more information, see: EPIC: Body Scanner Technology and EPIC: FOIA Note #20.

Tags:

August 24, 2011

Twitter Adopts Privacy Enhancing Technique, Defaults to HTTPS

Twitter has joined the ranks of Gmail with a decision to implement HTTPS functionality by default for all users in order to encrypt data and protect privacy. The change stems from several security problems in early 2011, including two incidents where hackers gained administrative control of the popular service and led to a settlement with the Federal Trade Commission requiring Twitter to adopt stronger security measures. Earlier, EPIC had pointed out the importance of HTTPS by default in a complaint to the Commission regarding Google and Cloud Computing Services. For more information, see EPIC: Social Networking Privacy and EPIC: In re Google and Cloud Computing.

Tags:

August 25, 2011

Federal Judge: Locational Data Protected Under Fourth Amendment

A Federal judge has ruled that to law enforcement officers must have a warrant to access cell phone locational data. Courts are divided regarding whether or not this type of data should be protected by a warrant requirement. Judge Garaufis of the Eastern District of New York, found that "The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cell phone must be rejected In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cell-phone user's reasonable expectation of privacy in cumulative cell-site-location records." EPIC has filed amicus briefs in several related cases. For more information see: EPIC: Commonwealth v. Connolly, EPIC: US v. Jones, and EPIC: Locational Privacy.

Tags:

August 26, 2011

EPIC Settles Street View Case with Trade Commission

EPIC and the Federal Trade Commission have agreed to settle an open government lawsuit concerning the FTC's decision to close the investigation of Google Street View. EPIC sought documents from the Commission after Members of Congress had urged the agency to pursue an aggressive investigation and many privacy agencies around the world found that Google violated national privacy laws. The agency turned over to EPIC agency records which suggested that the agency believed it lacked enforcement authority. However, the closing letter in the case also indicated that the Commission never undertook an independent investigation to determine whether other violations of law may have occurred. The case is EPIC v. FTC, No. 11-cv-00881 (D.C. Dist. Ct 2011). For more information, see EPIC: Google Street View.

Tags:

August 29, 2011

Facebook Makes Some Changes, Privacy Complaints Still Pending

In response to several complaints filed by EPIC with the Federal Trade Commission, Facebook announced that it would make some changes in its business practices, including providing more accurate information about the disclosure of user data to others and new safeguards for photo tagging. EPIC, along with several privacy organizations, filed several complaints with the FTC about FB's automated tagging of users, changes in Privacy settings, and transfers of personal data, stating that Facebook's practices were "unfair and deceptive." Facebook's recent actions address some but not all of the issues raised by the consumer organizations. The complaint at the FTC are still pending. For more information see EPIC: Facebook Privacy.

Tags:

August 30, 2011

EPIC Files for Rehearing in Airport Body Scanner Case

Citing significant errors in an earlier decision, EPIC has petitioned a federal appeals court to rehear the organization's challenge to the TSA's controversial body scanner program. "The court overstated the effectiveness of the body scanner devices and understated the degree of the privacy intrusion to the travelling public," stated EPIC President Marc Rotenberg. EPIC's petition challenged the Court's finding that the devices detect “liquid and powders," which was never established and was not claimed by the government. EPIC also argued that the court wrongly concluded that the TSA is not subject to a federal privacy law that prohibits video voyeurism. The panel found that TSA body scanner employees are “engaged in law enforcement activity," contrary to the TSA's own regulations. EPIC is pursuing related litigation on the government's deployment of mobile body scanners. For more information, see EPIC: EPIC v. DHS.

Tags:

August 31, 2011

Documents Reveal New Details About DHS Development of Mobile Body Scanners

EPIC has obtained more than one hundred fifty pages of documents detailing the Department of Homeland Security’s development of mobile body scanners and other crowd surveillance technology. The documents were obtained as a result of a Freedom Information Act lawsuit brought by EPIC against the federal agency. According to the documents obtained by EPIC, vehicles equipped with mobile body scanners are designed to scan crowds and pedestrians on the street and can see through bags, clothing, and even other vehicles. The documents also reveal that the mobile backscatter machines cannot be American National Standards Institute “certified people scanners” because of the high level of radiation output and because subjects would not know they have been scanned. For more information see EPIC: Whole Body Imaging Technology and EPIC: EPIC v. DHS (Suspension of the Body Scanner Program).

Former 9-11 Study Commission Chairs Lee Hamilton and Thomas Keen have released a "Tenth Anniversary Report Card," assessing the status of the recommendations made by the 9-11 Commission. The report found that even "with significant federal funding," "explosive detection technology lacks reliability" and that "the next generation of whole body scanning machines are not effective at detecting explosives hidden within the body and raise privacy and health concerns that DHS has not fully addressed." EPIC has made very similar arguments in EPIC v. DHS, the challenge to the TSA body scanner program. For more information, see EPIC - The 9/11 Commission Report.